Grzegorz, IMHO even if a fault contains a security header then these headers shouldn't processed. Usually a fault is generated by the SOAP engine even due to some wrong info (e.g. the security handler do this) or on behalf of the application (service) that throws an exception. Thus it is not guaranteed that the security data is correct or valid.
Provessing probably wrong/faked security data would itself lead to an exception .... Regards, Werner > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 15. Dezember 2005 11:59 > An: [email protected] > Betreff: wsse:Security header and soap:Fault > > Hi! > > In WSDoAllReceiver there is a snippet of code commented with "Don't > process faults ...". > I wonder why the handler does not process the Signature and > other headers > when it finds > the soap:Fault element. In my application I got a soap response with > soap:Faults but which > still had security headers (Signature, Timestamp, > BinarySecurityToken). > > I suggest not processing the faults if and only if there is no > wsse:Security soap header. > > Grzegorz Grzybek > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
